http://dx.doi.org/10.17662/ksdim.2010.6.2.233

A Design on the Information Security Auditing Framework of the Information System Audit  

Lee, Ji Yong (Cyber Investigator, Seoul Metropolitan Police Agency)
Kim, Dong Soo (KISAC Co., Ltd.)
Kim, Hee Wan (Department of Computer Science, Sahmyook University)
Publication Information
Journal of Korea Society of Digital Industry and Information Management, vol. 6, no. 2, 2010, pp. 233-245
Abstract
This paper proposes a security architecture, a security audit framework, and audit check items, based on the security requirements identified in information system audits. The proposed information security architecture is built so that it can defend against cyber attacks: following the system life cycle, it considers the security services and security controls the information system requires, and maps them so that the security technology and security environment can be controlled. From the security requirements and the security architecture, an information security audit framework for information system audits is then derived; its standard audit checkpoints are defined at the highest level. The framework was applied to the next-generation system introductions of D stock company and D life insurance company, and to the human resources information system of K institution, where it was verified. Before the application, system developers and administrators were trained in security awareness so that they would follow the developer security guidelines. As a result, systemic security problems decreased by more than eighty percent.
Keywords
Security Architecture; Security Audit Framework; Information System Audit;